Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 0083-0611

*****
i have already used ewido in safe mode and have updated definitions of NAV 2005 on my comp. even downloaded l2m removal tool from symantec (it even fails to find the l2m spyware). nothing seems to work. ewido removes them in the safe mode but when i log back into normal mode, ewido pops up with detection warnings even before, i could see the icons on my desktop.
thx for helping me!

I rebooted after doing a scan with sweeper and ewido popped up a warning. i cleaned it and then once again ran sweeper. found out that the warnings were coming from nprotect (recycle bin). i then removed all the files present in the nprotect recycle bin. i dont wanna jump the gun but its so far so good .

spy sweeper was earlier blocking millions of attempt to the site a-d-w-a-r-e.com. i then scanned with spysweeper and found Adwre: Icannews. i removed it using the same software and shut off teh comp. online scan was done abt a half an hr earlier after rebooting the comp (7-8 hrs after removing Icannews) and then i did hijack this log.

***********

if you need any more info, pls ask me. i will be glad to provide you with the same.

I Forgot to tell you show hidden files in my last post, so follow the instuctions below and see if the files are there. Do not worry if you cannot find them.

Go to start>control panel>folder options>view (tab)*choose to "show hidden files and folders,"*uncheck the "hide protected operating system files" and the "hide extensions for know file types" boxes.*Close the window with ok*All hidden files will now be visible

andydf

Posted 18 November 2005 - 03:36 PM

andydf

Visiting Staff

Visiting Consultant

1,660 posts

Hi Wolv3rin3

Let's see if Spysweeper can finish this off in safe mode.

Ensure Spysweeper is updated.Reboot into safe modeOpen Spysweeper and run a full scan.Do not open any windows/programs for the duration of the scanAfter the scan is complete, reboot into normal windows.Rescan with HJT and post a new log along with the Spysweeper log in your reply.

*********************************there were no other entris in the right pane that started with an underscore. only two other keys remain in that right pane now (after copying that address). one is default and the other is similar to the one i deleted but it does not start with an underscore. so i didnt even touch them

one more thing ANDYDF.. do i still need to scan with spysweeper in safe mode???

Michelle

Posted 19 November 2005 - 08:03 AM

Michelle

Malware Removal Goddess

Retired Staff

8,928 posts

It's gone, excellent

there were no other entris in the right pane that started with an underscore. only two other keys remain in that right pane now (after copying that address). one is default and the other is similar to the one i deleted but it does not start with an underscore. so i didnt even touch them